Corporate Sustainability Due Diligence Directive: Amendments under Omnibus I finalised

9 April 2026 6 min read

By Sarah Hellewell

At a glance

The Omnibus I Amending Directive was approved by the EU Council in February 2026 and came into force on 18 March 2026.
Omnibus I narrows the Corporate Sustainability Due Diligence Directive's scope of application and delays application of its requirements to 26 July 2029.

Introduction

The Corporate Sustainability Due Diligence Directive (CSDDD) establishes an EU‑wide, risk‑based duty for large companies to identify, prevent, mitigate and account for adverse human‑rights and environmental impacts in their own operations, subsidiaries and value chains. It aims to harmonise divergent national regimes, reduce fragmentation and strengthen both supervision by public authorities and access to remedy for affected stakeholders.

For employers, the Directive targets various labour and human‑rights risks including child and forced labour, occupational health and safety, freedom of association and collective bargaining. Its provisions will shape how HR, procurement and compliance teams manage workforce and supply‑chain governance globally.

Key requirements under the Directive as originally enacted (5 July 2024)

The original CSDDD entered into force on 25 July 2024. As enacted in 2024, the CSDDD covered EU companies with more than 1,000 employees and over EUR450 million net worldwide turnover (or EU‑established parent groups meeting those thresholds) and non‑EU companies generating over EUR450 million net turnover in the EU. Application was phased by size: from 26 July 2027 for companies over 5,000 employees and EUR1.5 billion turnover; from 26 July 2028 for those over 3,000 employees and EUR900 million turnover; and from 26 July 2029 for the remaining in‑scope companies over 1,000 employees and EUR450 million turnover.

The CSDDD introduced a corporate due‑diligence duty built around a familiar six‑step cycle aligned with international standards. Companies must integrate due diligence into policies and risk‑management systems; identify and assess actual and potential adverse impacts; prevent, mitigate, bring to an end or minimise impacts; conduct meaningful stakeholder engagement; operate a complaints procedure; monitor effectiveness; and communicate annually on their due‑diligence approach (with coordination for entities already reporting under the Corporate Sustainability Reporting Directive (CSRD)). For people functions, this translates into systematic labour‑rights risk mapping, clear escalation and remediation pathways, and robust worker‑voice channels.

The CSDDD'S scope extends beyond a company’s own operations to its subsidiaries and, through the 'chain of activities', to business partners. For most sectors, this means considering both upstream and selected downstream value‑chain relationships. Stakeholder engagement must protect workers via safe reporting channels and non‑retaliation policies that function across a company's geographies and the tiers of its value chain.

Enforcement combines public supervision and civil liability. Member States must designate supervisory authorities with powers to investigate, demand corrective action, publish information on non‑compliance and impose effective, proportionate and dissuasive penalties. Civil‑liability provisions require access to full compensation where harm results from a company’s intentional or negligent failure to conduct due diligence, with liability otherwise governed by national law. In practice, HR and supply‑chain decisions, for example on the reasonableness of supplier controls, risk creating regulatory and litigation exposure across the EU.

February 2025 Omnibus Package

On 26 February 2025, the European Commission presented an omnibus simplification package designed to reduce administrative burdens and clarify the interplay between the CSDDD and the CSRD. Two key elements of the package were:

A 'Stop‑the‑Clock' proposal to postpone certain application dates, recognising the need for an additional implementation runway for both companies and national authorities.
A policy direction towards narrower scope, later application and more streamlined mechanics for due diligence and sustainability reporting. While the package did not reverse the commitment to corporate responsibility, it foreshadowed targeted adjustments intended to ease compliance while preserving the core risk‑based model.

Stop-the-Clock Directive

The Stop‑the‑Clock Directive (SCD), adopted and published in April 2025, postponed key dates to provide legal certainty and reduce the near‑term burden. For the CSRD, entry into force was delayed by two years for companies not yet reporting and for listed SMEs. For the CSDDD, the SCD pushes application back by one year, implementing a single, unified start date rather than tiered phasing. Member States are required to transpose CSDDD requirements by 26 July 2028 and companies must comply from 26 July 2029.

Omnibus I CSRD and CSDDD Simplification Directive

The Omnibus I Amending Directive (Omnibus I), signed off in February 2026 and in force on 18 March 2026, has narrowed the CSDDD's scope, streamlined obligations and reset key dates, while aiming to limit 'trickle‑down' burdens on SMEs and smaller business partners in the value‑chain.

For the CSDDD, Omnibus I sets the transposition deadline as 26 July 2028 and moves first application to 26 July 2029. Revised thresholds significantly reduce the population of directly regulated companies so that the CSDDD applies to very large companies only, namely EU companies with more than 5,000 employees and net turnover above EUR1.5 billion worldwide or non‑EU companies with EU turnover above EUR 1.5 billion.

Although this change in scope narrows direct coverage, many employers outside scope will still encounter CSDDD‑driven requirements via customer contracts, supplier codes and tender conditions.

Substantive changes to the CSDDD under Omnibus I relevant to employers include the following:

Full‑harmonisation expanded for the core mechanics of due diligence: Omnibus I tightens the 'no gold‑plating' rule by extending full‑harmonisation to key elements of the due diligence process including identification and prioritisation of adverse impacts; addressing impacts; complaints and notification mechanisms; monitoring; and reporting. Member States retain room to legislate more stringently only for specific objectives or fields, but not to alter the general architecture of the due‑diligence process. This should improve cross‑border consistency for employers operating in multiple EU markets.
Penalties recalibrated and partially harmonised: The previous requirement that pecuniary penalties be based on net worldwide turnover is removed. Instead, Omnibus I introduces a uniform EU maximum cap of 3% of the company’s net worldwide turnover and requires authorities to set penalties that are effective, proportionate and dissuasive by weighing turnover alongside the statutory aggravating/mitigating factors. The Commission is to develop guidance to promote consistent penalty setting across Member States.
Stakeholder‑engagement and monitoring rules streamlined: Omnibus I refines the stages at which consultation of relevant stakeholders is required and replaces the CSDDD’s monitoring article to emphasise proportionate, risk‑based evaluation of due‑diligence effectiveness. Employers should ensure worker‑voice channels, union engagement and third‑party grievance mechanisms are integrated into risk identification, corrective action and remediation, and that monitoring cycles reflect the severity and likelihood of labour risks.
Value‑chain burden constrained: To limit adverse 'trickle‑down' effects, Omnibus I codifies that in‑scope companies should request only information from business partners that is necessary, and that information requests must be targeted, reasonable and proportionate. In practice, HR and procurement teams should rationalise supplier questionnaires and audits, focus on outcome‑oriented controls and capacity‑building, and avoid duplicative demands on SMEs.

What global employers should do now

The CSDDD and its interaction with the CSRD set a market baseline for workforce due diligence that will be pushed forward in supply chains through contract requirements and by customer expectations. Global employers should therefore:

Map exposure and prioritise labour risks: Conduct assessments to identify business units, geographies and tiers with the greatest risks to people, such as recruitment of migrant workers, excessive overtime, use of agency labour or high‑risk health and safety environments.
Strengthen worker‑voice and grievance channels: Ensure accessible, trusted mechanisms for the business's workforce and for value‑chain workers, with protections against retaliation. Track issues through to remediation and integrate lessons learned into preventive measures. Worker and trade‑union engagement should be meaningful, timely and context‑sensitive.
Align procurement and HR governance: Update supplier codes, contract clauses and audit protocols to reflect risk‑based expectations and the principle of proportionality. Avoid over‑burdening SMEs by focusing on outcomes, providing guidance and support, and where feasible using corrective‑action rather than contract termination.
Plan programme timelines: Monitor national implementing laws for supervisory procedures, penalties and any gold‑plating that increases requirements in particular jurisdictions. But plan to work to towards application from 26 July 2029 as per SCD and Omnibus I.
Prepare for supervisory engagement and civil‑liability: Keep clear records demonstrating reasonable, risk‑based measures and the rationale for prioritisation decisions. Ensure remediation frameworks are operational and reflected in training, budget and governance.

Overall, Omnibus I provides a risk‑based, worker‑centred due‑diligence model with reduced prescriptive formalities. Employers should review their programmes against the clarified harmonisation boundaries, penalty risks and engagement/monitoring expectations, and plan updates ahead of the 2029 implementation milestone.